chef 18.5.0 → 18.6.2

data/lib/chef/resource/smartos_package.rb

@@ -22,8 +22,8 @@ class Chef
   class Resource
     class SmartosPackage < Chef::Resource::Package
 
-      provides :smartos_package, target_mode: true
-      provides :package, platform_family: "smartos", target_mode: true
+      provides :smartos_package
+      provides :package, platform_family: "smartos"
 
       description "Use the **smartos_package** resource to manage packages for the SmartOS platform."
 

data/lib/chef/resource/snap_package.rb

@@ -22,7 +22,7 @@ class Chef
   class Resource
     class SnapPackage < Chef::Resource::Package
 
-      provides :snap_package, target_mode: true
+      provides :snap_package
 
       description "Use the **snap_package** resource to manage snap packages on Debian and Ubuntu platforms."
       introduced "15.0"

data/lib/chef/resource/solaris_package.rb

@@ -23,7 +23,7 @@ class Chef
   class Resource
     class SolarisPackage < Chef::Resource::Package
 
-      provides :solaris_package, target_mode: true
+      provides :solaris_package
 
       description "Use the **solaris_package** resource to manage packages on the Solaris platform."
 

data/lib/chef/resource/ssh_known_hosts_entry.rb

@@ -24,7 +24,7 @@ class Chef
   class Resource
     class SshKnownHostsEntry < Chef::Resource
 
-      provides :ssh_known_hosts_entry, target_mode: true
+      provides :ssh_known_hosts_entry
 
       description "Use the **ssh_known_hosts_entry** resource to add an entry for the specified host in /etc/ssh/ssh_known_hosts or a user's known hosts file if specified."
       introduced "14.3"

data/lib/chef/resource/sudo.rb

@@ -25,7 +25,7 @@ class Chef
   class Resource
     class Sudo < Chef::Resource
 
-      provides(:sudo, target_mode: true) { true }
+      provides(:sudo) { true }
 
       description "Use the **sudo** resource to add or remove individual sudo entries using sudoers.d files."\
                   " Sudo version 1.7.2 or newer is required to use the sudo resource, as it relies on the"\
@@ -216,11 +216,11 @@ class Chef
         target = "#{new_resource.config_prefix}/sudoers.d/"
         directory(target)
 
-        Chef::Log.warn("#{new_resource.filename} will be rendered, but will not take effect because the #{new_resource.config_prefix}/sudoers config lacks the includedir directive that loads configs from #{new_resource.config_prefix}/sudoers.d/!") if ::TargetIO::File.readlines("#{new_resource.config_prefix}/sudoers").grep(/includedir/).empty?
+        Chef::Log.warn("#{new_resource.filename} will be rendered, but will not take effect because the #{new_resource.config_prefix}/sudoers config lacks the includedir directive that loads configs from #{new_resource.config_prefix}/sudoers.d/!") if ::File.readlines("#{new_resource.config_prefix}/sudoers").grep(/includedir/).empty?
         file_path = "#{target}#{new_resource.filename}"
 
         if new_resource.template
-          Chef::Log.trace("Template property provided, all other properties ignored.")
+          logger.trace("Template property provided, all other properties ignored.")
 
           template file_path do
             source new_resource.template
@@ -279,13 +279,13 @@ class Chef
         end
 
         def visudo_present?
-          return true if ::TargetIO::File.exist?(new_resource.visudo_binary)
+          return true if ::File.exist?(new_resource.visudo_binary)
 
           Chef::Log.warn("The visudo binary cannot be found at '#{new_resource.visudo_binary}'. Skipping sudoer file validation. If visudo is on this system you can specify the path using the 'visudo_binary' property.")
         end
 
         def visudo_content(path)
-          if ::TargetIO::File.exist?(path)
+          if ::File.exist?(path)
             "cat #{new_resource.config_prefix}/sudoers | #{new_resource.visudo_binary} -cf - && #{new_resource.visudo_binary} -cf %{path}"
           else
             "cat #{new_resource.config_prefix}/sudoers %{path} | #{new_resource.visudo_binary} -cf -"

data/lib/chef/resource/support/client.erb

@@ -16,12 +16,13 @@
       @policy_group
       @policy_name
       @rubygems_url
-      @ssl_verify_mode
-      @policy_persist_run_list).each do |prop| -%>
+      @ssl_verify_mode).each do |prop| -%>
 <% next if instance_variable_get(prop).nil? || instance_variable_get(prop).empty? -%>
 <%=prop.delete_prefix("@") %> <%= instance_variable_get(prop).inspect %>
 <% end -%>
+<%# boolean properties are neither .nil? nor respond to .empty? so they are included below %>
 minimal_ohai <%= @minimal_ohai.inspect %>
+policy_persist_run_list <%= @policy_persist_run_list.inspect %>
 <%# ohai_disabled_plugins and ohai_optional_plugins properties don't match the config value perfectly-%>
 <% %w(@ohai_disabled_plugins
       @ohai_optional_plugins).each do |prop| -%>

data/lib/chef/resource/swap_file.rb

@@ -21,7 +21,7 @@ class Chef
   class Resource
     class SwapFile < Chef::Resource
 
-      provides(:swap_file, target_mode: true) { true }
+      provides(:swap_file) { true }
 
       description "Use the **swap_file** resource to create or delete swap files on Linux systems, and optionally to manage the swappiness configuration for a host."
       introduced "14.0"
@@ -84,7 +84,7 @@ class Chef
 
       action :remove, description: "Remove a swapfile and disable swap." do
         swapoff if swap_enabled?
-        remove_swapfile if ::TargetIO::File.exist?(new_resource.path)
+        remove_swapfile if ::File.exist?(new_resource.path)
       end
 
       action_class do
@@ -129,7 +129,7 @@ class Chef
 
         def remove_swapfile
           converge_by "remove swap file #{new_resource.path}" do
-            ::TargetIO::FileUtils.rm(new_resource.path)
+            ::FileUtils.rm(new_resource.path)
           end
         end
 
@@ -186,7 +186,7 @@ class Chef
         def compatible_kernel
           fallocate_location = shell_out("which fallocate").stdout
           Chef::Log.debug("#{new_resource} fallocate location is '#{fallocate_location}'")
-          ::TargetIO::File.exist?(fallocate_location.chomp)
+          ::File.exist?(fallocate_location.chomp)
         end
 
         def compatible_filesystem?
@@ -205,7 +205,7 @@ class Chef
 
         def persist
           fstab = "/etc/fstab"
-          contents = ::TargetIO::File.readlines(fstab)
+          contents = ::File.readlines(fstab)
           addition = "#{new_resource.path} swap swap defaults 0 0"
 
           if contents.any? { |line| line.strip == addition }
@@ -214,7 +214,7 @@ class Chef
             Chef::Log.info("#{new_resource} adding entry to #{fstab} for #{new_resource.path}")
 
             contents << "#{addition}\n"
-            ::TargetIO::File.open(fstab, "w") { |f| f.write(contents.join("")) }
+            ::File.open(fstab, "w") { |f| f.write(contents.join("")) }
           end
         end
       end

data/lib/chef/resource/sysctl.rb

@@ -21,8 +21,8 @@ class Chef
   class Resource
     class Sysctl < Chef::Resource
 
-      provides(:sysctl, target_mode: true) { true }
-      provides(:sysctl_param, target_mode: true) { true }
+      provides(:sysctl) { true }
+      provides(:sysctl_param) { true }
 
       description "Use the **sysctl** resource to set or remove kernel parameters using the `sysctl` command line tool and configuration files in the system's `sysctl.d` directory. Configuration files managed by this resource are named `99-chef-KEYNAME.conf`."
       examples <<~DOC
@@ -152,7 +152,7 @@ class Chef
 
       action :remove, description: "Remove the kernel parameter and update the `sysctl` settings." do
         # only converge the resource if the file actually exists to delete
-        if ::TargetIO::File.exist?("#{new_resource.conf_dir}/99-chef-#{new_resource.key.tr("/", ".")}.conf")
+        if ::File.exist?("#{new_resource.conf_dir}/99-chef-#{new_resource.key.tr("/", ".")}.conf")
           converge_by "removing sysctl config at #{new_resource.conf_dir}/99-chef-#{new_resource.key.tr("/", ".")}.conf" do
             file "#{new_resource.conf_dir}/99-chef-#{new_resource.key.tr("/", ".")}.conf" do
               action :delete
@@ -216,9 +216,9 @@ class Chef
       # return the value. Raise in case this conf file needs to be created
       # or updated
       def get_sysctld_value(key)
-        raise unless ::TargetIO::File.exist?("/etc/sysctl.d/99-chef-#{key.tr("/", ".")}.conf")
+        raise unless ::File.exist?("/etc/sysctl.d/99-chef-#{key.tr("/", ".")}.conf")
 
-        k, v = ::Target_IO::File.read("/etc/sysctl.d/99-chef-#{key.tr("/", ".")}.conf").match(/(.*) = (.*)/).captures
+        k, v = ::File.read("/etc/sysctl.d/99-chef-#{key.tr("/", ".")}.conf").match(/(.*) = (.*)/).captures
         raise "Unknown sysctl key!" if k.nil?
         raise "Unknown sysctl value!" if v.nil?
 

data/lib/chef/resource/systemd_unit.rb

@@ -24,7 +24,7 @@ class Chef
   class Resource
     class SystemdUnit < Chef::Resource
 
-      provides(:systemd_unit, target_mode: true) { true }
+      provides(:systemd_unit) { true }
 
       description "Use the **systemd_unit** resource to create, manage, and run [systemd units](https://www.freedesktop.org/software/systemd/man/systemd.html#Concepts)."
       introduced "12.11"

data/lib/chef/resource/template.rb

@@ -35,7 +35,7 @@ class Chef
     # template resource follow the same file specificity rules as the remote_file and file resources.
     class Template < Chef::Resource::File
 
-      provides :template, target_mode: true
+      provides :template
 
       include Chef::Mixin::Securable
 

data/lib/chef/resource/timezone.rb

@@ -23,7 +23,7 @@ class Chef
   class Resource
     class Timezone < Chef::Resource
 
-      provides :timezone, target_mode: true
+      provides :timezone
 
       description "Use the **timezone** resource to change the system timezone on Windows, Linux, and macOS hosts. Timezones are specified in tz database format, with a complete list of available TZ values for Linux and macOS here: <https://en.wikipedia.org/wiki/List_of_tz_database_time_zones>. On Windows systems run `tzutil /l` for a complete list of valid timezones."
       introduced "14.6"
@@ -96,10 +96,10 @@ class Chef
       # @since 16.5
       # @return [String] timezone id
       def current_rhel_tz
-        return nil unless ::TargetIO::File.exist?("/etc/sysconfig/clock")
+        return nil unless ::File.exist?("/etc/sysconfig/clock")
 
         # https://rubular.com/r/aoj01L3bKBM7wh
-        /ZONE="(.*)"/.match(::TargetIO::File.read("/etc/sysconfig/clock"))[1]
+        /ZONE="(.*)"/.match(::File.read("/etc/sysconfig/clock"))[1]
       end
 
       load_current_value do
@@ -155,13 +155,13 @@ class Chef
                 execute "tzdata-update" do
                   command "/usr/sbin/tzdata-update"
                   action :nothing
-                  only_if { ::TargetIO::File.executable?("/usr/sbin/tzdata-update") }
+                  only_if { ::File.executable?("/usr/sbin/tzdata-update") }
                   subscribes :run, "file[/etc/sysconfig/clock]", :immediately
                 end
 
                 link "/etc/localtime" do
                   to "/usr/share/zoneinfo/#{new_resource.timezone}"
-                  not_if { ::TargetIO::File.executable?("/usr/sbin/tzdata-update") }
+                  not_if { ::File.executable?("/usr/sbin/tzdata-update") }
                 end
               when "mac_os_x"
                 shell_out!(["sudo", "systemsetup", "-settimezone", new_resource.timezone])

data/lib/chef/resource/user/aix_user.rb

@@ -22,8 +22,8 @@ class Chef
     class User
       class AixUser < Chef::Resource::User
 
-        provides :aix_user, target_mode: true
-        provides :user, os: "aix", target_mode: true
+        provides :aix_user
+        provides :user, os: "aix"
       end
     end
   end

data/lib/chef/resource/user/linux_user.rb

@@ -22,8 +22,8 @@ class Chef
     class User
       class LinuxUser < Chef::Resource::User
 
-        provides :linux_user, target_mode: true
-        provides :user, os: "linux", target_mode: true
+        provides :linux_user
+        provides :user, os: "linux"
 
       end
     end

data/lib/chef/resource/user/pw_user.rb

@@ -22,8 +22,8 @@ class Chef
     class User
       class PwUser < Chef::Resource::User
 
-        provides :pw_user, target_mode: true
-        provides :user, os: "freebsd", target_mode: true
+        provides :pw_user
+        provides :user, os: "freebsd"
       end
     end
   end

data/lib/chef/resource/user/solaris_user.rb

@@ -22,8 +22,8 @@ class Chef
     class User
       class SolarisUser < Chef::Resource::User
 
-        provides :solaris_user, target_mode: true
-        provides :user, os: %w{omnios solaris2}, target_mode: true
+        provides :solaris_user
+        provides :user, os: %w{omnios solaris2}
       end
     end
   end

data/lib/chef/resource/user_ulimit.rb

@@ -23,7 +23,7 @@ class Chef
   class Resource
     class UserUlimit < Chef::Resource
 
-      provides :user_ulimit, target_mode: true
+      provides :user_ulimit
 
       description "Use the **user_ulimit** resource to create individual ulimit files that are installed into the `/etc/security/limits.d/` directory."
       introduced "16.0"

data/lib/chef/resource/yum_repository.rb

@@ -22,7 +22,7 @@ class Chef
   class Resource
     class YumRepository < Chef::Resource
 
-      provides(:yum_repository, target_mode: true) { true }
+      provides(:yum_repository) { true }
 
       description "Use the **yum_repository** resource to manage a Yum repository configuration file located at `/etc/yum.repos.d/repositoryid.repo` on the local machine. This configuration file specifies which repositories to reference, how to handle cached data, etc."
       introduced "12.14"

data/lib/chef/resource/zypper_package.rb

@@ -22,8 +22,8 @@ class Chef
   class Resource
     class ZypperPackage < Chef::Resource::Package
 
-      provides :zypper_package, target_mode: true
-      provides :package, platform_family: "suse", target_mode: true
+      provides :zypper_package
+      provides :package, platform_family: "suse"
 
       description "Use the **zypper_package** resource to install, upgrade, and remove packages with Zypper for the SUSE Enterprise and openSUSE platforms."
       examples <<~DOC

data/lib/chef/resource/zypper_repository.rb

@@ -22,8 +22,8 @@ class Chef
   class Resource
     class ZypperRepository < Chef::Resource
 
-      provides(:zypper_repository, target_mode: true) { true }
-      provides(:zypper_repo, target_mode: true) { true } # legacy cookbook compatibility
+      provides(:zypper_repository) { true }
+      provides(:zypper_repo) { true } # legacy cookbook compatibility
 
       description "Use the **zypper_repository** resource to create Zypper package repositories on SUSE Enterprise Linux and openSUSE systems. This resource maintains full compatibility with the **zypper_repository** resource in the existing **zypper** cookbook."
       introduced "13.3"

data/lib/chef/resource_inspector.rb

@@ -79,19 +79,37 @@ class Chef
       Array(equal_to).map(&:inspect)
     end
 
+    def self.load_from_resources(resources, complete)
+      resources.each_with_object({}) do |r, res|
+        pth = r["full_path"]
+        # Here we do some magic to extract resources from files where there are multiple resources
+        # in a file - to do this, we load the file, and take the delta of which resources
+        # exist in object space
+        existing_classes = []
+        ObjectSpace.each_object(Class).select { |k| k < Chef::Resource }.each { |klass| existing_classes << klass }
+        # Load the set of resources from this file
+        Chef::Resource::LWRPBase.build_from_file(name, pth, Chef::RunContext.new(Chef::Node.new, nil, nil))
+        # Finally, process every new class added to the object space by that
+        ObjectSpace.each_object(Class).select { |k| k < Chef::Resource }.each do |klass|
+          unless existing_classes.include?(klass)
+            # Skip over anything which creates resources that start with exactly this - that happens
+            # because if there is no non-classed resource in here, LWRPBase.build_from_file builds a
+            # dummy object from it - we don't need that polluting out output!
+            next if klass.resource_name.start_with?("Chef__ResourceInspector")
+
+            res[klass.resource_name] = extract_resource(klass, complete)
+          end
+        end
+      end
+    end
+
     def self.extract_cookbook(path, complete)
       path = File.expand_path(path)
       dir, name = File.split(path)
       Chef::Cookbook::FileVendor.fetch_from_disk(path)
       loader = Chef::CookbookLoader.new(dir)
       cookbook = loader.load_cookbook(name)
-      resources = cookbook.files_for(:resources)
-
-      resources.each_with_object({}) do |r, res|
-        pth = r["full_path"]
-        cur = Chef::Resource::LWRPBase.build_from_file(name, pth, Chef::RunContext.new(Chef::Node.new, nil, nil))
-        res[cur.resource_name] = extract_resource(cur, complete)
-      end
+      load_from_resources(cookbook.files_for(:resources), complete)
     end
 
     # If we're given no resources, dump all of Chef's built ins

data/lib/chef/run_lock.rb

@@ -151,9 +151,6 @@ class Chef
         # will return false
         if runlock.flock(File::LOCK_NB | File::LOCK_EX) == 0
           true
-        # Target mode does not have run locks, because concurrency is intended
-        elsif Chef::Config.target_mode?
-          true
         else
           false
         end

data/lib/chef/scan_access_control.rb

@@ -46,7 +46,7 @@ class Chef
 
     # Modifies @current_resource, setting the current access control state.
     def set_all!
-      if ::TargetIO::File.exist?(new_resource.path)
+      if ::File.exist?(new_resource.path)
         set_owner
         set_group
         set_mode
@@ -76,7 +76,7 @@ class Chef
     end
 
     def lookup_uid
-      unless (pwent = TargetIO::Etc.getpwuid(stat.uid)).nil?
+      unless (pwent = Etc.getpwuid(stat.uid)).nil?
         pwent.name
       else
         stat.uid
@@ -103,7 +103,7 @@ class Chef
     end
 
     def lookup_gid
-      unless (pwent = TargetIO::Etc.getgrgid(stat.gid)).nil?
+      unless (pwent = Etc.getgrgid(stat.gid)).nil?
         pwent.name
       else
         stat.gid
@@ -128,10 +128,10 @@ class Chef
 
     def stat
       @stat ||= if @new_resource.instance_of?(Chef::Resource::Link)
-                  ::TargetIO::File.lstat(@new_resource.path)
+                  ::File.lstat(@new_resource.path)
                 else
-                  realpath = ::TargetIO::File.realpath(@new_resource.path)
-                  ::TargetIO::File.stat(realpath)
+                  realpath = ::File.realpath(@new_resource.path)
+                  ::File.stat(realpath)
                 end
     end
   end

data/lib/chef/util/backup.rb

@@ -30,7 +30,7 @@ class Chef
       end
 
       def backup!
-        if @new_resource.backup != false && @new_resource.backup > 0 && ::TargetIO::File.exist?(path)
+        if @new_resource.backup != false && @new_resource.backup > 0 && ::File.exist?(path)
           do_backup
           # Clean up after the number of backups
           slice_number = @new_resource.backup

data/lib/chef/util/diff.rb

@@ -60,7 +60,7 @@ class Chef
 
       def use_tempfile_if_missing(file)
         tempfile = nil
-        unless TargetIO::File.exist?(file)
+        unless File.exist?(file)
           Chef::Log.trace("File #{file} does not exist to diff against, using empty tempfile")
           tempfile = Tempfile.new("chef-diff")
           file = tempfile.path
@@ -131,19 +131,6 @@ class Chef
         diff_filesize_threshold = Chef::Config[:diff_filesize_threshold]
         diff_output_threshold = Chef::Config[:diff_output_threshold]
 
-        # Download files for diffs in Target Mode, then work locally
-        if ChefConfig::Config.target_mode?
-          connection = Chef.run_context&.transport_connection
-
-          old_copy = Tempfile.new(old_file)
-          connection.download(old_file, old_copy.path) if connection.file(old_file).exist?
-          old_file = old_copy.path
-
-          new_copy = Tempfile.new(new_file)
-          connection.download(new_file, new_copy.path) if connection.file(new_file).exist?
-          new_file = new_copy.path
-        end
-
         if ::File.size(old_file) > diff_filesize_threshold || ::File.size(new_file) > diff_filesize_threshold
           return "(file sizes exceed #{diff_filesize_threshold} bytes, diff output suppressed)"
         end

data/lib/chef/util/file_edit.rb

@@ -29,9 +29,9 @@ class Chef
       public
 
       def initialize(filepath)
-        raise ArgumentError, "File '#{filepath}' does not exist" unless TargetIO::File.exist?(filepath)
+        raise ArgumentError, "File '#{filepath}' does not exist" unless File.exist?(filepath)
 
-        @editor = Editor.new(TargetIO::File.open(filepath, &:readlines))
+        @editor = Editor.new(File.open(filepath, &:readlines))
         @original_pathname = filepath
         @file_edited = false
       end
@@ -85,8 +85,8 @@ class Chef
       def write_file
         if @changes
           backup_pathname = original_pathname + ".old"
-          TargetIO::FileUtils.cp(original_pathname, backup_pathname, preserve: true)
-          TargetIO::File.open(original_pathname, "w") do |newfile|
+          FileUtils.cp(original_pathname, backup_pathname, preserve: true)
+          File.open(original_pathname, "w") do |newfile|
             editor.lines.each do |line|
               newfile.puts(line)
             end

data/lib/chef/version.rb

@@ -23,7 +23,7 @@ require_relative "version_string"
 
 class Chef
   CHEF_ROOT = File.expand_path("..", __dir__)
-  VERSION = Chef::VersionString.new("18.5.0")
+  VERSION = Chef::VersionString.new("18.6.2")
 end
 
 #

data/lib/chef/win32/registry.rb

@@ -26,6 +26,11 @@ if RUBY_PLATFORM.match?(/mswin|mingw|windows/)
     autoload :Registry, File.expand_path("../monkey_patches/win32/registry", __dir__)
   end
   require_relative "api/registry"
+
+  require "win32/resolv"
+  ::Win32::Registry.define_method :export_string do |str, enc = (Encoding.default_internal || "utf-8")|
+    str.encode(enc)
+  end
 end
 
 class Chef

data/lib/chef/win32/security.rb

@@ -130,6 +130,15 @@ class Chef
         end
       end
 
+      def self.clear_account_rights(name)
+        return if get_account_right(name) == []
+
+        with_lsa_policy(name) do |policy_handle, sid|
+          result = LsaRemoveAccountRights(policy_handle.read_pointer, sid, true, nil, 1)
+          test_and_raise_lsa_nt_status(result)
+        end
+      end
+
       def self.adjust_token_privileges(token, privileges)
         token = token.handle if token.respond_to?(:handle)
         old_privileges_size = FFI::Buffer.new(:long).write_long(privileges.size_with_privileges)

data/lib/chef.rb

@@ -32,5 +32,3 @@ require_relative "chef/handler"
 require_relative "chef/handler/json_file"
 require_relative "chef/event_dispatch/dsl"
 require_relative "chef/chef_class"
-
-require_relative "chef/target_io"

data/spec/functional/resource/cookbook_file_spec.rb

@@ -57,7 +57,7 @@ describe Chef::Resource::CookbookFile do
     create_resource
   end
 
-  it_behaves_like "a file resource"
+  it_behaves_like "a file resource", :not_supported_on_windows_11
 
   # These examples cover CHEF-3467 where unexpected and incorrect
   # permissions can result on Windows because CookbookFile's

data/spec/integration/client/open_ssl_spec.rb

@@ -3,7 +3,7 @@ require "spec_helper"
 describe "openssl checks" do
   let(:openssl_version_default) do
     if windows?
-      "1.0.2zi"
+      "3.0.9"
     elsif macos?
       "1.1.1m"
     else

data/spec/spec_helper.rb

@@ -145,6 +145,7 @@ RSpec.configure do |config|
 
   config.filter_run_excluding windows_only: true unless windows?
   config.filter_run_excluding not_supported_on_windows: true if windows?
+  config.filter_run_excluding not_supported_on_windows_11: true if windows_11?
   config.filter_run_excluding not_supported_on_macos: true if macos?
   config.filter_run_excluding macos_only: true unless macos?
   config.filter_run_excluding not_macos_gte_11: true if macos_gte_11?

data/spec/support/chef_helpers.rb

@@ -69,8 +69,8 @@ def make_canonical_temp_directory
 end
 
 # Check if a cmd exists on the PATH
-def which(cmd)
-  paths = ENV["PATH"].split(File::PATH_SEPARATOR) + [ "/bin", "/usr/bin", "/sbin", "/usr/sbin" ]
+def which(cmd, prepend_path: nil, extra_path: nil)
+  paths = Array(prepend_path) + ENV["PATH"].split(File::PATH_SEPARATOR) + [ "/bin", "/usr/bin", "/sbin", "/usr/sbin" ] + Array(extra_path)
   paths.each do |path|
     filename = File.join(path, cmd)
     return filename if File.executable?(filename)

data/spec/support/platform_helpers.rb

@@ -65,6 +65,12 @@ def windows_gte_10?
   Gem::Requirement.new(">= 10").satisfied_by?(Gem::Version.new(win32_os_version))
 end
 
+def windows_11?
+  return false unless windows?
+
+  Gem::Requirement.new(">= 10.0.22621").satisfied_by?(Gem::Version.new(win32_os_version))
+end
+
 def win32_os_version
   @win32_os_version ||= begin
                           wmi = WmiLite::Wmi.new
@@ -228,6 +234,8 @@ def aes_256_gcm?
 end
 
 def fips_mode_build?
+  return false if ENV.fetch("BUILDKITE_PIPELINE_SLUG", "") =~ /verify$/
+
   if ENV.include?("BUILDKITE_LABEL") # try keying directly off Buildkite environments
     # regex version of chef/chef-foundation:.expeditor/release.omnibus.yml:fips-platforms
     [/el-.*-x86_64/, /el-.*-ppc64/, /el-.*aarch/, /ubuntu-/, /windows-/, /amazon-2/].any? do |os_arch|

data/spec/support/shared/functional/file_resource.rb

@@ -245,14 +245,14 @@ shared_examples_for "a file resource" do
 
     include_context "deploying with move"
 
-    describe "when deploying via tmpdir" do
+    describe "when deploying via tmpdir", :not_supported_on_windows_11 do
 
       include_context "deploying via tmpdir"
 
       it_behaves_like "a configured file resource"
     end
 
-    describe "when deploying via destdir" do
+    describe "when deploying via destdir", :not_supported_on_windows_11 do
 
       include_context "deploying via destdir"
 
@@ -912,7 +912,7 @@ shared_examples_for "a configured file resource" do
     dummy_desc
   end
 
-  it_behaves_like "a securable resource without existing target"
+  it_behaves_like "a securable resource without existing target", :not_supported_on_windows_11
 
   context "when the target file has the wrong content" do
     before(:each) do